UNCLASSIFIED
Preface
Version 1.0g
Routers direct and control much of the data flowing across computer networks. This
guide provides technical guidance intended to help network administrators and
security officers improve the security of their networks. Using the information
presented here, you can configure your routers to control access, resist attacks, shield
other network components, and even protect the integrity and confidentiality of
network traffic.
This guide was developed in response to numerous questions and requests for
assistance received by the NSA System and Network Attack Center (SNAC). The
topics covered in the guide were selected on the basis of customer interest, and the
SNAC's background in securing networks.
The goal for this guide is a simple one: improve the security provided by routers on
US Department of Defense (DOD) operational networks.
Who Should Use This Guide
Network administrators and network security officers are the primary audience for
this configuration guide; throughout the text the familiar pronoun "you" is used for
guidance directed specifically to them. Most network administrators are responsible
for managing the connections among parts of their networks, and between their
network and various other networks. Network security officers are usually
responsible for selecting and deploying the assurance measures applied to their
networks. For this audience, this guide provides security goals and guidance, along
with specific examples of configuring Cisco routers to meet those goals.
Firewall administrators are another intended audience for this guide. Often, firewalls
are employed in conjunction with filtering routers; the overall perimeter security of
an enclave benefits when the configurations of the firewall and router are
complementary. While this guide does not discuss general firewall topics in any
depth, it does provide information that firewall administrators need to configure their
routers to actively support their perimeter security policies. Section 5 includes
information on using the firewall features of the Cisco Integrated Security facility.
Information System Security Engineers (ISSEs) may also find this guide useful.
Using it, an ISSE can gain greater familiarity with security services that routers can
provide, and use that knowledge to incorporate routers more effectively into the
secure network configurations that they design.
Sections 4, 5, and 6 of this guide are designed for use with routers made by Cisco
Systems, and running Cisco's IOS software. The descriptions and examples in those
sections were written with the assumption that the reader is familiar with basic Cisco
router operations and command syntax.